Overview
- Description
- An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37CC1778-2B2D-472B-B426-0B69AB2C3DF7",
"versionEndExcluding": "7.4.2.800"
},
{
"criteria": "cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "266293F1-635B-4EA1-9CF7-984B4A5F0B2B",
"versionEndExcluding": "8.0.410",
"versionStartIncluding": "8.0.0"
}
],
"operator": "OR"
}
]
}
]